I was wondering if you could kindly share with me your account expiration settings. Namely, I would like LDAP user accounts to be automatically disabled after certain date.
I tried using shadowExpire LDAP attribute.
I am using OpenBSD build in LDAP server as my centralized authentication and authorization server for our not so small ML Lab. I do have
attribute set for each user just like in this document (note that 15159 is the time in days from the UNIX epoch, I also tried setting up in seconds).
I also edited my sssd.conf file accordingly per only document I found on this topic on the Red Hat portal
access_provider = ldap
ldap_pwd_policy = shadow
ldap_access_order = pwd_expire_policy_reject
I also see this link
but I don't have Red Hat subscription. I am sure I am not the only one trying to implement account expiration policy.